mirror of
https://github.com/verdigado/organization_folders.git
synced 2024-12-06 11:22:41 +01:00
Added security classes and draft version of ResourceVoter
parent
22c06b5689
commit
88cb258c2b
11 changed files with 428 additions and 0 deletions
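--- a/lib/Controller/BaseController.php
+++ b/lib/Controller/BaseController.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace OCA\OrganizationFolders\Controller;
+
+use OCA\OrganizationFolders\AppInfo\Application;
+use OCA\OrganizationFolders\Errors\AccessDenied;
+use OCA\OrganizationFolders\Security\AuthorizationService;
+use OCP\AppFramework\Controller;
+use OCP\IRequest;
+
+class BaseController extends Controller {
+private AuthorizationService $authorizationService;
+
+public function __construct(
+) {
+parent::__construct(
+Application::APP_ID,
+\OC::$server->get(IRequest::class),
+);
+
+$this->authorizationService = \OC::$server->get(AuthorizationService::class);
+}
+
+/**
+* Throws an exception unless the attributes are granted for the current authentication user and optionally
+* supplied subject.
+*
+* @param string[] $attributes The attributes
+* @param mixed $subject The subject
+* @param string[] $attributes Attributes of subject
+* @param string $message The message passed to the exception
+*
+* @throws AccessDenied
+*/
+protected function denyAccessUnlessGranted(array $attributes, $subject, $message = 'Access Denied.') {
+if (!$this->authorizationService->isGranted($attributes, $subject)) {
+throw new AccessDenied($message);
+}
+}
+}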
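Review bot: The docblock on `denyAccessUnlessGranted` does not say whether every entry in `$attributes` must be granted or whether one is enough. For an authorization gate that decides what a caller passing several attributes actually enforces, and the answer lives in `AuthorizationService::isGranted`, which is not visible here. I would state the rule in the summary, for example `* Access is allowed only when <all|any> of the given attributes are granted; see AuthorizationService::isGranted.`, filled in from the service. The docblock also lists `@param string[] $attributes` a second time as "Attributes of subject", and that line should be dropped. Typing the signature as `mixed $subject, string $message = 'Access Denied.'): void` would match the documented contract.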
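--- a/lib/Controller/Errors.php
+++ b/lib/Controller/Errors.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace OCA\OrganizationFolders\Controller;
+
+use Closure;
+
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\JSONResponse;
+
+use OCA\OrganizationFolders\Errors\NotFoundException;
+
+trait Errors {
+private function errorResponse(\Exception $e, $status = Http::STATUS_BAD_REQUEST): JSONResponse {
+$response = ['error' => get_class($e), 'message' => $e->getMessage()];
+return new JSONResponse($response, $status);
+}
+
+protected function handleNotFound(Closure $callback): JSONResponse {
+try {
+return new JSONResponse($callback());
+} catch (NotFoundException $e) {
+return $this->errorResponse($e, Http::STATUS_NOT_FOUND);
+} catch (\Exception $e) {
+return $this->errorResponse($e);
+}
+}
+
+protected function handleErrors(Closure $callback): JSONResponse {
+try {
+return new JSONResponse($callback());
+} catch (\Exception $e) {
+return $this->errorResponse($e);
+}
+}
+}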
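Review bot: The generic `catch (\Exception $e)` branch in `handleNotFound` and `handleErrors` answers with HTTP 400 and returns `get_class($e)` and `$e->getMessage()` to the client. If `AccessDenied` is an ordinary exception (its class is not shown here), a refusal from `denyAccessUnlessGranted` comes back as 400 instead of 403, and any unexpected failure exposes internal class names and messages to the caller. I would put `} catch (AccessDenied $e) { return $this->errorResponse($e, Http::STATUS_FORBIDDEN);` ahead of the generic branch in both handlers, with the matching `use OCA\OrganizationFolders\Errors\AccessDenied;`. The generic branch should log the exception server-side and reply with a fixed message and `Http::STATUS_INTERNAL_SERVER_ERROR`.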
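--- a/lib/Controller/ResourceController.php
+++ b/lib/Controller/ResourceController.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace OCA\OrganizationFolders\Controller;
+
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+
+use OCA\OrganizationFolders\Service\ResourceService;
+
+class ResourceController extends BaseController {
+use Errors;
+
+public function __construct(
+private ResourceService $service,
+private string $userId,
+) {
+parent::__construct();
+}
+
+#[NoAdminRequired]
+public function show(int $resourceId): JSONResponse {
+return $this->handleNotFound(function () use ($resourceId) {
+$resource = $this->service->find($resourceId);
+
+$this->denyAccessUnlessGranted(['READ'], $resource);
+
+return $resource;
+});
+}
+
+#[NoAdminRequired]
+public function create(
+int $organizationFolderId,
+string $type,
+string $name,
+?int $parentResourceId = null,
+bool $active = true,
+bool $inheritManagers = true,
+
+// for type folder
+?int $membersAclPermission = null,
+?int $managersAclPermission = null,
+?int $inheritedAclPermission = null,
+): JSONResponse {
+return $this->handleErrors(function () use ($organizationFolderId, $type, $name, $parentResourceId, $active, $inheritManagers, $membersAclPermission, $managersAclPermission, $inheritedAclPermission) {
+// TODO: check permissions
+
+return $this->service->create(
+organizationFolderId: $organizationFolderId,
+type: $type,
+name: $name,
+parentResourceId: $parentResourceId,
+active: $active,
+inheritManagers: $inheritManagers,
+
+membersAclPermission: $membersAclPermission,
+managersAclPermission: $managersAclPermission,
+inheritedAclPermission: $inheritedAclPermission,
+);
+});
+}
+}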
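Review bot: `create` is marked `#[NoAdminRequired]` but its closure contains only `// TODO: check permissions` before calling `$this->service->create(...)`. As far as this file shows, no authorization check runs on that path, and the caller also supplies `membersAclPermission`, `managersAclPermission` and `inheritedAclPermission`. Until the voter covers creation, either drop `#[NoAdminRequired]` from `create` or call `$this->denyAccessUnlessGranted(...)` on the target organization folder or parent resource first; the right subject and attribute depend on voters not shown here. In `show`, `find` runs before the access check, so a missing id and an existing but forbidden id produce different responses and reveal which resource ids exist. Returning the same not-found response for both closes that gap.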